At 06:32 PM 1/22/2014 -0500, Mark Tompsett wrote:
Greetings,
Paul A. asked Galen:
Could you please advise on 1.0.2 versus 0.92-1 -- the devil is always in
the details.
You should have noted that Galen had previously given a URL:
https://metacpan.org/release/GMCHARLT/MARC-XML-1.0.2
Click on
At 12:31 PM 1/23/2014 +1300, Robin Sheat wrote:
[snip]
For checking what is actually installed, you want apt-cache policy, e.g.
[snip]
The *** indicates that I have 1.0.1 installed,
libmarc-xml-perl:
Installed: 1.0.2-1koha1
Candidate: 1.0.2-1koha1
Version table:
*** 1.0.2-1koha1 0
Greetings,
Paul A. asked Galen:
Could you please advise on 1.0.2 versus 0.92-1 -- the devil is always in
the details.
You should have noted that Galen had previously given a URL:
https://metacpan.org/release/GMCHARLT/MARC-XML-1.0.2
Click on the Other files link called Changes for a fuller l
At 03:22 PM 1/22/2014 -0800, Galen Charlton wrote:
Hi,
On Wed, Jan 22, 2014 at 3:15 PM, Paul A wrote:
> Could you please advise on 1.0.2 versus 0.92-1 -- the devil is always
in the
> details.
All versions of MARC::File::XML prior to 1.0.2 are subject to the
vulnerability, including the Debia
Paul A schreef op wo 22-01-2014 om 18:15 [-0500]:
> me@hardy:/$ sudo apt-cache show libmarc-xml-perl
> Package: libmarc-xml-perl
> Version: 1.0.2-1koha1
> Architecture: all
> Maintainer: Robin Sheat
> [snip]
> Package: libmarc-xml-perl
> Priority: optional
> Section: universe/perl
> Installed-Size
Hi,
On Wed, Jan 22, 2014 at 3:15 PM, Paul A wrote:
> Could you please advise on 1.0.2 versus 0.92-1 -- the devil is always in the
> details.
All versions of MARC::File::XML prior to 1.0.2 are subject to the
vulnerability, including the Debian- and Ubuntu-packaged 0.92-1. I
recommend that you pr
At 10:32 AM 1/21/2014 -0800, Galen Charlton wrote:
Hi,
I have uploaded [1] version 1.0.2 of MARC::File::XML, a Perl module
which is used by Koha. This is a security release that repairs an XML
external entity (XXE) vulnerability. [snip]
Hi Galen - I've been keeping an eye open for this release
Galen Charlton schreef op wo 22-01-2014 om 14:41 [-0800]:
> To answer your question, in general, no, it wouldn't happen
> automatically. To upgrade MARC::File::XML from the new package, one
> would either do:
>
> sudo apt-get update
> sudo apt-get upgrade
This is normal practice for ensuring you
] SECURITY release: MARC::File::XML 1.0.2
Message-ID:
Content-Type: text/plain; charset=ISO-8859-1
Hi,
I have uploaded [1] version 1.0.2 of MARC::File::XML, a Perl module
which is used by Koha. This is a security release that repairs an XML
external entity (XXE) vulnerability. I know of
Hi,
On Wed, Jan 22, 2014 at 2:33 PM, David Cook wrote:
> If/when libmarc-xml-perl gets added to debian.koha-community.org, will Koha
> users who installed via the Debian packages get the update automatically?
As Robin mentioned, the new package is now available.
To answer your question, in gene
Galen Charlton schreef op di 21-01-2014 om 10:32 [-0800]:
> I imagine that an updated Debian package of libmarc-xml-perl will be
> made available on debian.koha-community.org at some point as well.
This is available now.
--
Robin Sheat
Catalyst IT Ltd.
✆ +64 4 803 2204
GPG: 5FA7 4B49 1E4D CAA4 4
Hi,
I have uploaded [1] version 1.0.2 of MARC::File::XML, a Perl module
which is used by Koha. This is a security release that repairs an XML
external entity (XXE) vulnerability. I know of at least one way that
the vulnerability could be used by an individual who has staff
interface credentials t
12 matches
Mail list logo